Biblio

Cryptography is the science or process used for the encryption and decryption of data that helps the users to store important information or share it across networks where it can be read only by the intended user. In this paper, Elliptic Curve Cryptography (ECC) has been proposed because of its small key size, less memory space and high speed. Elliptic curve scalar multiplication is an important part of elliptic curve systems. Here, the scalar multiplication is performed with the help of hybrid Karatsuba multiplier as the area utilization of Karatsuba multiplier is less. An alternative of digital signature algorithm, that is, Elliptic Curve Digital Signature Algorithm (ECDSA) along with the primary operations of elliptic curves have also been discussed in this paper.

This contribution provides the implementation of a holistic operational security assessment process for both steady-state security and dynamic stability. The merging of steady-state and dynamic security assessment as a sequential process is presented. A steady-state and dynamic modeling of a VSC-HVDC was performed including curative and stabilizing measures as remedial actions. The assessment process was validated by a case study on a modified version of the Nordic 32 system. Simulation results showed that measure selection based on purely steady-state contingency analysis can lead to loss of stability in time domain. A subsequent selection of measures on the basis of the dynamic security assessment was able to guarantee the operational security for the stationary N-1 scenario as well as the power system stability.

Concurrency programs often induce buggy results due to the unexpected interaction among threads. The detection of these concurrency bugs costs a lot because they usually appear under a specific execution trace. How to virtually explore different thread schedules to detect concurrency bugs efficiently is an important research topic. Many techniques have been proposed, including lightweight techniques like adaptive randomized scheduling (ARS) and heavyweight techniques like maximal causality reduction (MCR). Compared to heavyweight techniques, ARS is efficient in exploring different schedulings and achieves state-of-the-art performance. However, it will lead to explore large numbers of redundant thread schedulings, which will reduce the efficiency. Moreover, it suffers from the “cold start” issue, when little information is available to guide the distance calculation at the beginning of the exploration. In this work, we propose a Heuristic-Enhanced Adaptive Randomized Scheduling (HARS) algorithm, which improves ARS to detect concurrency bugs guided with novel distance metrics and heuristics obtained from existing research findings. Compared with the adaptive randomized scheduling method, it can more effectively distinguish the traces that may contain concurrency bugs and avoid redundant schedules, thus exploring diverse thread schedules effectively. We conduct an evaluation on 45 concurrency Java programs. The evaluation results show that our algorithm performs more stably in terms of effectiveness and efficiency in detecting concurrency bugs. Notably, HARS detects hard-to-expose bugs more effectively, where the buggy traces are rare or the bug triggering conditions are tricky.

Skyline computation is an increasingly popular query, with broad applicability to many domains. Given the trend to outsource databases, and due to the sensitive nature of the data (e.g., in healthcare), it is essential to evaluate skylines on encrypted datasets. Research efforts acknowledged the importance of secure skyline computation, but existing solutions suffer from several shortcomings: (i) they only provide ad-hoc security; (ii) they are prohibitively expensive; or (iii) they rely on assumptions such as the presence of multiple non-colluding parties in the protocol. Inspired by solutions for secure nearest-neighbors, we conjecture that a secure and efficient way to compute skylines is through result materialization. However, materialization is much more challenging for skylines queries due to large space requirements. We show that pre-computing skyline results while minimizing storage overhead is NP-hard, and we provide heuristics that solve the problem more efficiently, while maintaining storage at reasonable levels. Our algorithms are novel and also applicable to regular skyline computation, but we focus on the encrypted setting where materialization reduces the response time of skyline queries from hours to seconds. Extensive experiments show that we clearly outperform existing work in terms of performance, and our security analysis proves that we obtain a small (and quantifiable) data leakage.

Deep learning has made remarkable achievements in various domains. Active learning, which aims to reduce the budget for training a machine-learning model, is especially useful for the Deep learning tasks with the demand of a large number of labeled samples. Unfortunately, our empirical study finds that many of the active learning heuristics are not effective when applied to Deep learning models in batch settings. To tackle these limitations, we propose a density weighted diversity based query strategy (DWDS), which makes use of the geometry of the samples. Within a limited labeling budget, DWDS enhances model performance by querying labels for the new training samples with the maximum informativeness and representativeness. Furthermore, we propose a beam-search based method to obtain a good approximation to the optimum of such samples. Our experiments show that DWDS outperforms existing algorithms in Deep learning tasks.

In this paper we propose a security and cost aware scheduling heuristic for real-time workflow jobs that process Internet of Things (IoT) data with various security requirements. The environment under study is a four-tier architecture, consisting of IoT, mist, fog and cloud layers. The resources in the mist, fog and cloud tiers are considered to be heterogeneous. The proposed scheduling approach is compared to a baseline strategy, which is security aware, but not cost aware. The performance evaluation of both heuristics is conducted via simulation, under different values of security level probabilities for the initial IoT input data of the entry tasks of the workflow jobs.

Federated learning (FL) allows to train a massive amount of data privately due to its decentralized structure. Stochastic gradient descent (SGD) is commonly used for FL due to its good empirical performance, but sensitive user information can still be inferred from weight updates shared during FL iterations. We consider Gaussian mechanisms to preserve local differential privacy (LDP) of user data in the FL model with SGD. The trade-offs between user privacy, global utility, and transmission rate are proved by defining appropriate metrics for FL with LDP. Compared to existing results, the query sensitivity used in LDP is defined as a variable, and a tighter privacy accounting method is applied. The proposed utility bound allows heterogeneous parameters over all users. Our bounds characterize how much utility decreases and transmission rate increases if a stronger privacy regime is targeted. Furthermore, given a target privacy level, our results guarantee a significantly larger utility and a smaller transmission rate as compared to existing privacy accounting methods.

With the development of network, network security has become a topic of increasing concern. Recent years, machine learning technology has become an effective means of network intrusion detection. However, machine learning technology requires a large amount of data for training, and training data often contains privacy information, which brings a great risk of privacy leakage. At present, there are few researches on data privacy protection in the field of intrusion detection. Regarding the issue of privacy and security, we combine differential privacy and machine learning algorithms, including One-class Support Vector Machine (OCSVM) and Local Outlier Factor(LOF), to propose an hybrid intrusion detection system (IDS) with privacy protection. We add Laplacian noise to the original network intrusion detection data set to get differential privacy data sets with different privacy budgets, and proposed a hybrid IDS model based on machine learning to verify their utility. Experiments show that while protecting data privacy, the hybrid IDS can achieve detection accuracy comparable to traditional machine learning algorithms.

Pedestrian dead reckoning (PDR) is a widely used approach to estimate locations and trajectories. Accessing location-based services with trajectory data can bring convenience to people, but may also raise privacy concerns that need to be addressed. In this paper, a privacy-preserving pedestrian dead reckoning framework is proposed to protect a user’s trajectory privacy based on differential privacy. We introduce two metrics to quantify trajectory privacy and data utility. Our proposed privacy-preserving trajectory extraction algorithm consists of three mechanisms for the initial locations, stride lengths and directions. In addition, we design an adversary model based on particle filtering to evaluate the performance and demonstrate the effectiveness of our proposed framework with our collected sensor reading dataset.

With the recognition of cyberspace as an operating domain, concerted effort is now being placed on addressing it in the whole-of-domain manner found in land, sea, undersea, air, and space domains. Among the first steps in this effort is applying the standard supporting concepts of security, defense, and deterrence to the cyber domain. This paper presents an architecture that helps realize forward defense in cyberspace, wherein adversarial actions are repulsed as close to the origin as possible. However, substantial work remains in making the architecture an operational reality including furthering fundamental research cyber science, conducting design trade-off analysis, and developing appropriate public policy frameworks.

The goal of this study is to find whether exposure to Deepfake videos makes people better at detecting Deepfake videos and whether it is a better strategy against fighting Deepfake. For this study a group of people from Bangladesh has volunteered. This group were exposed to a number of Deepfake videos and asked subsequent questions to verify improvement on their level of awareness and detection in context of Deepfake videos. This study has been performed in two phases, where second phase was performed to validate any generalization. The fake videos are tailored for the specific audience and where suited, are created from scratch. Finally, the results are analyzed, and the study’s goals are inferred from the obtained data.

In recent years, the advent of deep learning-based techniques and the significant reduction in the cost of computation resulted in the feasibility of creating realistic videos of human faces, commonly known as DeepFakes. The availability of open-source tools to create DeepFakes poses as a threat to the trustworthiness of the online media. In this work, we develop an open-source online platform, known as DeepFake-o-meter, that integrates state-of-the-art DeepFake detection methods and provide a convenient interface for the users. We describe the design and function of DeepFake-o-meter in this work.

Deepfake detection techniques have been widely studied to resolve security issues. However, existing techniques mainly focused on RGB channel-based analysis, which still shows incomplete detection accuracy. In this paper, we validate the performance of Gray channel-based deepfake detection. To compare RGB channel-based analysis and Gray channel-based analysis in deepfake detection, we quantitatively measured the performance by using popular CNN models, deepfake datasets, and evaluation indicators. Our experimental results confirm that Gray channel-based deepfake detection outperforms RGB channel-based deepfake detection in terms of accuracy and analysis time.

The main objective of Human Activity Recognition (HAR) is to detect various activities in video frames. Video surveillance is an import application for various security reasons, therefore it is essential to classify activities as usual and unusual. This paper implements the deep learning model that has the ability to classify and localize the activities detected using a Single Shot Detector (SSD) algorithm with a bounding box, which is explicitly trained to detect usual and unusual activities for security surveillance applications. Further this model can be deployed in public places to improve safety and security of individuals. The SSD model is designed and trained using transfer learning approach. Performance evaluation metrics are visualised using Tensor Board tool. This paper further discusses the challenges in real-time implementation.

Having a clear insight on the protocols carrying traffic is crucial for network applications. Deep Packet Inspection (DPI) has been a key technique to provide visibility into traffic. DPI has proven effective in various scenarios, and indeed several open source DPI solutions are maintained by the community. Yet, these solutions provide different classifications, and it is hard to establish a common ground truth. Independent works approaching the question of the quality of DPI are already aged and rely on limited datasets. Here, we test if open source DPI solutions can provide useful information in practical scenarios, e.g., supporting security applications. We provide an evaluation of the performance of four open-source DPI solutions, namely nDPI, Libprotoident, Tstat and Zeek. We use datasets covering various traffic scenarios, including operational networks, IoT scenarios and malware. As no ground truth is available, we study the consistency of classification across the solutions, investigating rootcauses of conflicts. Important for on-line security applications, we check whether DPI solutions provide reliable classification with a limited number of packets per flow. All in all, we confirm that DPI solutions still perform satisfactorily for well-known protocols. They however struggle with some P2P traffic and security scenarios (e.g., with malware traffic). All tested solutions reach a final classification after observing few packets with payload, showing adequacy for on-line applications.

Protocol parsing is to discern and analyze packets' transmission fields, which plays an essential role in industrial security monitoring. The existing schemes parsing industrial protocols universally have problems, such as the limited parsing protocols, poor scalability, and high preliminary information requirements. This paper proposes a text similarity-based protocol parsing scheme (TPP) to identify and parse protocols for Industrial Internet of Things. TPP works in two stages, template generation and protocol parsing. In the template generation stage, TPP extracts protocol templates from protocol data packets by the cluster center extraction algorithm. The protocol templates will update continuously with the increase of the parsing packets' protocol types and quantities. In the protocol parsing phase, the protocol data packet will match the template according to the similarity measurement rules to identify and parse the fields of protocols. The similarity measurement method comprehensively measures the similarity between messages in terms of character position, sequence, and continuity to improve protocol parsing accuracy. We have implemented TPP in a smart industrial gateway and parsed more than 30 industrial protocols, including POWERLINK, DNP3, S7comm, Modbus-TCP, etc. We evaluate the performance of TPP by comparing it with the popular protocol analysis tool Netzob. The experimental results show that the accuracy of TPP is more than 20% higher than Netzob on average in industrial protocol identification and parsing.

This paper designs a data anomaly detection method for power grid data centers. The method uses cloud computing architecture to realize the storage and calculation of large amounts of data from power grid data centers. After that, the STL decomposition method is used to decompose the grid data, and then the decomposed residual data is used for anomaly analysis to complete the detection of abnormal data in the grid data. Finally, the feasibility of the method is verified through experiments.

Radio frequency (RF) signal classification has significantly been used for detecting and identifying the features of unknown unmanned aerial vehicles (UAVs). This paper proposes a method using empirical mode decomposition (EMD) and ensemble empirical mode decomposition (EEMD) on extracting the communication channel characteristics of intruding UAVs. The decomposed intrinsic mode functions (IMFs) except noise components are selected for RF signal pattern recognition based on machine learning (ML). The classification results show that the denoising effects introduced by EMD and EEMD could both fit in improving the detection accuracy with different features of RF communication channel, especially on identifying time-varying RF signal sources.

The paper deals with exponentially growing technology - Internet of Things (IoT) in the field of healthcare. It is spoken about the networked healthcare and medical architecture. The attention is given to the analysis of the international regulations on medical and healthcare cybersecurity. For building a trustworthy healthcare IoT solution, a developed normative hierarchical model of the international cybersecurity standards is provided. For cybersecurity assessment of such systems the case-oriented technique, which includes Advanced Security Assurance Case (ASAC) and an example on a wireless insulin pump of its application are provided.

The papers in this special section focus on resilient control in large-scae networked cyber-physical systems. These papers deal with the opportunities offered by these emerging technologies to mitigate undesired phenomena arising when intentional jamming and false data injections, categorized as cyber-attacks, infer communication channels. Recent advances in sensing, communication and computing have open the door to the deployment of largescale networks of sensors and actuators that allow fine-grain monitoring and control of a multitude of physical processes and infrastructures. The appellation used by field experts for these paradigms is Cyber-Physical Systems (CPS) because the dynamics among computers, networking media/resources and physical systems interact in a way that multi-disciplinary technologies (embedded systems, computers, communications and controls) are required to accomplish prescribed missions. Moreover, they are expected to play a significant role in the design and development of future engineering applications such as smart grids, transportation systems, nuclear plants and smart factories.

Increasing incidents of cyber attacks and evolution of quantum computing poses challenges to secure existing information and communication technologies infrastructure. In recent years, quantum key distribution (QKD) is being extensively researched, and is widely accepted as a promising technology to realize secure networks. Optical fiber networks carry a huge amount of information, and are widely deployed around the world in the backbone terrestrial, submarine, metro, and access networks. Thus, instead of using separate dark fibers for quantum communication, integration of QKD with the existing classical optical networks has been proposed as a cost-efficient solution, however, this integration introduces new research challenges. In this paper, we do a comprehensive survey of the state-of-the-art QKD secured optical networks, which is going to shape communication networks in the coming decades. We elucidate the methods and protocols used in QKD secured optical networks, and describe the process of key establishment. Various methods proposed in the literature to address the networking challenges in QKD secured optical networks, specifically, routing, wavelength and time-slot allocation (RWTA), resiliency, trusted repeater node (TRN) placement, QKD for multicast service, and quantum key recycling are described and compared in detail. This survey begins with the introduction to QKD and its advantages over conventional encryption methods. Thereafter, an overview of QKD is given including quantum bits, basic QKD system, QKD schemes and protocol families along with the detailed description of QKD process based on the Bennett and Brassard-84 (BB84) protocol as it is the most widely used QKD protocol in the literature. QKD system are also prone to some specific types of attacks, hence, we describe the types of quantum hacking attacks on the QKD system along with the methods used to prevent them. Subsequently, the process of point-to-point mechanism of QKD over an optical fiber link is described in detail using the BB84 protocol. Different architectures of QKD secured optical networks are described next. Finally, major findings from this comprehensive survey are summarized with highlighting open issues and challenges in QKD secured optical networks.

This paper describes a Cyber Threat, Vulnerability and Defense Modeling and Simulation tool kit used for evaluation of systems and networks to improve cyber resiliency. This capability is used to help increase the resiliency of networks at various stages of their lifecycle, from initial design and architecture through the operation of deployed systems and networks. Resiliency of computer systems and networks to cyber threats is facilitated by the modeling of agile and resilient defenses versus threats and running multiple simulations evaluated against resiliency metrics. This helps network designers, cyber analysts and Security Operations Center personnel to perform trades using what-if scenarios to select resiliency capabilities and optimally design and configure cyber resiliency capabilities for their systems and networks.

Natural disasters and cyber intrusions threaten the normal operation of the critical electric grid infrastructure. There is still no widely accepted methodology to quantify the resilience in power systems. In this work, power system resiliency refers to the ability of the system to keep provide energy to the critical load even with adverse events. A significant amount of work has been done to quantify the resilience for distribution systems. Even though critical loads are located in distribution system, transmission system play a critical role in supplying energy to distribution feeder in addition to the Distributed Energy Resources (DERs). This work focuses on developing a framework to quantify the resiliency of cyber-physical transmission systems. Quantifying the resiliency of the transmission network, is important to determine and devise suitable control mechanisms to minimize the effects of undesirable events in the power grid. The proposed metric is based on both system infrastructure and with changing operating conditions. A graphical analysis along with measure of critical parameters of the network is performed to quantify the redundancy and vulnerabilities in the physical network of the system. A similar approach is used to quantify the cyber-resiliency. The results indicate the capability of the proposed framework to quantify cyber-physical resilience of the transmission systems.

Recent cyber attacks on the power grid have been of increasing complexity and sophistication. In order to understand the impact of cyber-attacks on the power system resiliency, it is important to consider an holistic cyber-physical system specially with increasing industrial automation. In this study, device-level resilience properties of the various controllers and their impact on the microgrid resiliency is studied. In addition, a cyber-physical resiliency metric considering vulnerabilities, system model, and device-level properties is proposed. Resiliency is defined as the system ability to provide energy to critical loads even in extreme contingencies and depends on system ability to withstand, predict, and recover. A use case is presented inspired by the recent Ukraine cyber-attack. A use case has been presented to demonstrate application of the developed cyber-physical resiliency metric to enhance situational awareness of the operator, and enable better proactive or remedial control actions to improve resiliency.

Recent cyber attacks on the power grid have been of increasing complexity and sophistication. In order to understand the impact of cyber-attacks on the power system resiliency, it is important to consider an holistic cyber-physical system specially with increasing industrial automation. In this work, device level resilience properties of the various controllers and their impact on the microgrid resiliency is studied. In addition, a cyber-physical resiliency metric considering vulnerabilities, system model, and device level properties is proposed. A use case is presented inspired by the recent Ukraine cyber-attack. A use case has been presented to demonstrate application of the developed cyber-physical resiliency metric to enhance situational awareness of the operator, and enable better control actions to improve resiliency.